Free GSEC Cryptography Practice Test 2026 — GIAC Security Essentials Questions
This free GSEC Cryptography practice test covers symmetric and asymmetric cryptography, hashing, PKI, certificates, TLS, and applied encryption for data at rest and in transit. Each question includes a detailed explanation written from a hands-on security practitioner's perspective — perfect for building your open-book index for the real GIAC Security Essentials exam.
Key Topics in GSEC Cryptography
- Symmetric Encryption
- Asymmetric Encryption
- Hashing
- PKI & Certificates
- TLS/SSL
- Key Management
6 Free GSEC Cryptography Practice Questions with Answers
Sample Question 1 — Cryptography
You are tasked with securing sensitive data at rest on a server. Which of the following cryptographic methods would be most appropriate to ensure that the data cannot be read by unauthorized users?
- A. Using symmetric encryption with AES-256 (Correct answer)
- B. Implementing a hash function like SHA-256
- C. Using asymmetric encryption with RSA
- D. Applying a digital signature
Correct answer: A
Explanation: A is correct because symmetric encryption, such as AES-256, is widely used to encrypt data at rest due to its efficiency and strength. B is incorrect because hash functions are used for data integrity, not confidentiality. C is incorrect because asymmetric encryption is typically used for data in transit or key exchange, not for encrypting large amounts of data at rest. D is incorrect because digital signatures are used for authentication and integrity, not for encrypting data.
Sample Question 2 — Cryptography
During a security audit, you discover that an application uses the same key for both encryption and decryption processes. Which type of encryption is being used?
- A. Asymmetric encryption
- B. Symmetric encryption (Correct answer)
- C. Hashing
- D. Steganography
Correct answer: B
Explanation: B is correct because symmetric encryption uses the same key for both encryption and decryption. A is incorrect because asymmetric encryption uses a pair of keys (public and private). C is incorrect because hashing is a one-way function, not reversible. D is incorrect because steganography is the practice of hiding data within other non-secret data.
Sample Question 3 — Cryptography
An organization wants to ensure that emails sent between executives are both encrypted and authenticated. Which technology should they use?
- A. SSL/TLS
- B. PGP/GPG (Correct answer)
- C. IPSec
- D. MD5
Correct answer: B
Explanation: B is correct because PGP/GPG provides both encryption and digital signatures for emails, ensuring confidentiality and authenticity. A is incorrect because SSL/TLS secures data in transit, not specifically emails. C is incorrect because IPSec is used for securing IP communications, not specifically for email. D is incorrect because MD5 is a hashing algorithm, not suitable for encryption or authentication.
Sample Question 4 — Cryptography
Which of the following best describes the purpose of a digital certificate in a public key infrastructure (PKI)?
- A. To encrypt data using symmetric keys
- B. To verify the identity of a public key owner (Correct answer)
- C. To provide a one-time password for secure access
- D. To store encrypted passwords for authentication
Correct answer: B
Explanation: B is correct because a digital certificate is used to verify the identity of the holder of a public key in a PKI. A is incorrect because digital certificates do not encrypt data. C is incorrect because digital certificates are not used for generating one-time passwords. D is incorrect because digital certificates do not store passwords.
Sample Question 5 — Cryptography
A security analyst is reviewing logs and notices repeated attempts to decrypt a file using different keys. Which attack is most likely being attempted?
- A. Man-in-the-middle attack
- B. Brute force attack (Correct answer)
- C. Replay attack
- D. Phishing attack
Correct answer: B
Explanation: B is correct because a brute force attack involves trying many keys or passwords to decrypt a file. A is incorrect because a man-in-the-middle attack involves intercepting communications, not attempting decryption with different keys. C is incorrect because a replay attack involves capturing and retransmitting data, not decryption attempts. D is incorrect because phishing attacks involve tricking users into giving up sensitive information, not decrypting files.
Sample Question 6 — Cryptography
A company uses a cloud-based service to store sensitive customer data. They want to ensure that even if the cloud provider's infrastructure is compromised, the data remains secure. Which encryption strategy should they implement?
- A. Use server-side encryption provided by the cloud provider.
- B. Encrypt data before uploading using client-side encryption. (Correct answer)
- C. Rely on the cloud provider's network security measures.
- D. Use a VPN to access the cloud service securely.
Correct answer: B
Explanation: Client-side encryption ensures that data is encrypted before it leaves the company's environment, meaning only the company has access to the encryption keys. This protects data even if the cloud provider's infrastructure is compromised. Option A is incorrect because server-side encryption still relies on the cloud provider's security. Option C is incorrect because network security measures do not protect data at rest. Option D is incorrect because a VPN protects data in transit, not at rest.
How to Study GSEC Cryptography
Drill these GSEC Cryptography practice questions repeatedly and update your study index after each session. Focus on building a fast lookup path from the GIAC term to your book page; this is what separates passing from failing GSEC scores. Pair this practice test with hands-on labs whenever possible; GSEC validates real-world skills, not just memorization.
About the GSEC Exam
- Questions: 106 multiple-choice
- Time: 4 hours
- Passing score: 73%
- Format: Open book (printed materials only)
- Topic areas: 9 (including Cryptography)
- Validity: 4 years